Saturday, April 25, 2009

The Conficker Worm

Hello, I'm taking a break from politics to talk about computer malware. Specifically, Conficker. Conficker is one nasty worm. It has security professionals very concerned, because it is a general-purpose program that can install other malware on command from "home" (wherever "home" is; some clues point to somewhere in Ukraine). Conficker uses many strategies and tactics to hide itself and to prevent detection and removal. There is no doubt that other bad guys are emulating Conficker, and soon a whole new generation of very sophisticated attacks will crop up that copy Conficker in some or all of these ways. It is nearly impossible to completely harden systems against it, but you can certainly lower your risk by doing some specific things.

  1. Use a virus scanner and keep it up to date. Virus scanners aren't infallible, but they're better than nothing. Conficker is good at hiding from virus scanners, though, and it’s always a race between the virus scanner providers and the bad guys.
  2. Keep your operating system up to date. For many Windows users, the easiest thing is to enable automatic updates. Not using Windows might give you some temporary security through obscurity, but I would not expect the other top two or three operating systems, especially Mac OS and Linux in all of its variants, to be immune to Conficker-style worms for very long. Its authors are very knowledgeable and devious.
  3. Run with the lowest authority possible. I know it is annoying, but if you don't really need to be an administrator, don't be. Running as administrator gives you and every program you run -- accidentally or not (including worms) -- full control of your computer.
  4. Connect to the Internet through a NAT router* and/or at least make sure you use a personal firewall, such as the Windows Firewall that ships with all currently supported Windows versions. Keep in mind, though, that personal firewalls can be defeated by malware; Conficker certainly knows how to do this, and will if it has administrative access. It is much harder for malware to affect your router. But...
  5. If you use a NAT router, turn off Universal Plug'n'Play (UPnP). Conficker uses UPnP to open up your router to the internet, so that it can phone home and get instructions, and then run spambots and other nefarious applications.
  6. Use strong passwords for all of your accounts (especially administrative) on your computer and on your router. DO NOT leave the default passwords. Conficker contains a dictionary (frequently updated by its perpetrators) of all the default passwords for all of the popular routers, as well as all the passwords commonly used by humans everywhere. If it has your admin password, it owns your system, and by extension, it owns your identity.
Here's a link to a Reuters story with more information.

*NAT router, also called a "broadband router", means any of a number of hardware routers from vendors such as D-Link, Linksys, Belkin, etc. They are designed for general networking, wireless networking, and sharing a single Internet connection among several computers. While networking and sharing an Internet connection might be the reason you bought it, security is one of the primary benefits. Just make sure you set it up for optimal security, and change the default administration passwords.
